Dailymotion serves up malware to video-watchers

Network intrusion; Man-in-the-middle attack

The popular media-sharing site was compromised in a way that redirected users to a hacking tool.

The tool took advantage of vulnerabilities in computers running Java, Internet Explorer, and Flash Player.

“If the vulnerabilities were successfully exploited during the campaign, pay-per-click malware was then downloaded on the victim’s computer,” Symantec reports. The malware forces a computer to artificially generate traffic on pay-per-click Web advertisements to boost profits for the attackers.

It’s not clear if the assault was the result of Dailymotion itself being hacked or a malicious advertisement served through a third-party ad network, a common means of inserting rogue code on popular websites, according to Network World.